Application Security Assurance (Penetration testing) Associate Director

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development?

At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed.

We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits :

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal / Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible / hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role :

Being a member of Technology Risk Management (TRM) team, the Application Security Assurance Associate Director is responsible for setting strategic direction in the areas of IT Risk and Information Security.

Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security.

The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture.

Your Primary Responsibilities :

• Conduct application security assessments, risk analysis, vulnerability testing and security reviews across DTCC’s businesses within the bounds of the Processes and DTCC Control Standards.
• Monitor and mitigate risk, escalate as required.
• Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs.
• Provide assistance to the developers in detailing the vulnerabilities reported along with the recommendations for remediation.
• Provide excellent coordination across various teams in DTCC organizations.
• Manage tools, servers and infrastructure supporting the application vulnerabilities testing and analysis program. Work with infrastructure, database and application development team to ensure optimal use of tools.
• Contribute and maintain secure coding best practices & related guidelines.
• Industry research on the latest trends on application security technologies and posture to adopt to detect and report security risks.
• Mitigates risk by following established procedures and monitoring controls, spotting key errors, and demonstrating strong ethical behavior.

NOTE : The Primary Responsibilities of this role are not limited to the details above.

Qualifications :

• Minimum of 8 years of related experience
• Bachelor's degree preferred or equivalent experience.
• Certified in CISSP, OSCP or GWAPT

Talents Needed for Success :

• Serves as a trusted coach or mentor within the organization.
• Communicates openly keeping everyone across the organization informed.
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques.
• Programming experience (C / C++, Java / J2EE, Javascript, AJAX, PHP, Visual Studio etc.) is a plus

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.